MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a00998d6a6c0d3db7d06cca0be5ae39b9c1884dda9f4dc4190bf0debc18da3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AsyncRAT


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a00998d6a6c0d3db7d06cca0be5ae39b9c1884dda9f4dc4190bf0debc18da3d
SHA3-384 hash: 33a365f5b706c88116e632af0b89ddda93a4176992c8ee9e4eeb22500f63130ebd780ce7551fcd1c8320f94ad2a48b85
SHA1 hash: 634d3b496208bcb1bfcaa38e1c1b5aac37f1f078
MD5 hash: 4abfb1e9e3bffd817522456252257e23
humanhash: blue-red-kilo-magazine
File name:4abfb1e9e3bffd817522456252257e23.exe
Download: download sample
Signature AsyncRAT
Create hunting rule
File size:1'146'880 bytes
First seen:2022-09-21 06:15:48 UTC
Last seen:2022-09-29 15:52:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:fJlmnN9TozlmMg0lFBg0Zmr/Yh51PWHzIr3d/z9Cb++jfWe103E:B8nN9Til/g0ZQlHzS3WcY0
Threatray 2'122 similar samples on MalwareBazaar
TLSH T1963512D1DBB4141FD9729DFFD659C4A19F42C8D08F720CB6A9E200AE094DD5C24BA2BB
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon d292b0b2da36bcbe (11 x AsyncRAT, 7 x Metasploit, 6 x CoinMiner)
Reporter abuse_ch
Tags:AsyncRAT exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
240
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4abfb1e9e3bffd817522456252257e23.exe
Verdict:
Suspicious activity
Analysis date:
2022-09-21 06:22:12 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/37a677a8-445a-458d-841a-f818701455bf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/311963/
Detection(s):
SecuriteInfo.com.Win64.TrojanX-gen.11242.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/632aac86865ed83c011b5a94/reports/87e0a974-5018-43a4-adee-72d6cb4ac254/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/ad89686a-1c4d-46f2-a4ac-d0910fb148c6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1074329
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Encrypted powershell cmdline option found
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3a00998d6a6c0d3db7d06cca0be5ae39b9c1884dda9f4dc4190bf0debc18da3d/
Threat name:
ByteCode-MSIL.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2022-09-20 20:31:58 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
13
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hiajtdlknqgt3n6qntfaxznohg44dccn3kpu3razbpyn5pay3i6q._file
Verdict:
malicious
Label(s):
asyncrat
Create hunting rule
Similar samples:
1628c7c85f687216c70bd768b4023e13693dfad1aef819de70d54cd82d39fe3a
AsyncRAT
378e955a6f493ef2b46ed3532845e352a51109867b12db4b561b64c301fb3166
AsyncRAT
3d538725fd27edb771e7e5c07a11508d7363dc6f0bdb438240bd34eae746aeed
AsyncRAT
3fba4c2bac1363433553b57b389916f759be99e350e8003bf3d2a5584ebe5f46
AsyncRAT
693e7d35129e53a8b686d79ac7e906746cc4fb5ec2806c188028dcd5e8d7164c
AsyncRAT
ba7eb469fe9c39c9ed627452aa90a74532d8246e493e1b55b3f3ebc079d4583f
AsyncRAT
ce64e9ecb6eafed95cc5fbe2b1f7eb84046a6f9cf93c344724fe7052b97a67eb
AsyncRAT
fc0aafee4fcb757e3db153155727f625b89a803b217e346e24db4a7714c50390
AsyncRAT
+ 2'112 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220921-g1gwdabadl/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/1af6049b-ffb3-473f-b125-82dc4e4690d9
Unpacked files
SH256 hash:
3a00998d6a6c0d3db7d06cca0be5ae39b9c1884dda9f4dc4190bf0debc18da3d
MD5 hash:
4abfb1e9e3bffd817522456252257e23
SHA1 hash:
634d3b496208bcb1bfcaa38e1c1b5aac37f1f078
Link:
https://www.unpac.me/results/8c27ee09-a12a-4d2e-892e-8597db770b45/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/3a00998d6a6c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/3a00998d6a6c0d3db7d06cca0be5ae39b9c1884dda9f4dc4190bf0debc18da3d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AsyncRAT

Executable exe 3a00998d6a6c0d3db7d06cca0be5ae39b9c1884dda9f4dc4190bf0debc18da3d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2307201/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2306837/
Cape
Cape
https://www.capesandbox.com/analysis/311963/

Comments